Commit a3de1d1b authored by Darek Stojaczyk

CHANGELOG.md: mention security vulnerabilities



Change-Id: Ibb3f43f97e649aa98e1adaa8cb20fb8d1cb213b6
Signed-off-by: Darek Stojaczyk <dariusz.stojaczyk@intel.com>
Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/463665


Reviewed-by: Paul Luse <paul.e.luse@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
parent b64ff135
+12 −0
@@ -247,6 +247,11 @@ and CXX to the cross compilers, then run configure as follows:

### vhost

A security vulnerability has been identified and fixed in SPDK Vhost-SCSI target.
A malicious client (e.g. a virtual machine) could send a carefully prepared,
invalid I/O request to crash the entire SPDK process. All users of SPDK Vhost-SCSI
target are strongly recommended to update. All SPDK versions < 19.07 are affected.

By default, SPDK will now rely on upstream DPDK's rte_vhost instead of its fork
located inside SPDK repo. The internal fork is still kept around to support older
DPDK versions, but is considered legacy and will be eventually removed.
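Review bot: The new Vhost-SCSI paragraph names no CVE id, advisory link or fixing commit, so a reader cannot confirm which change closes the issue or check whether a vendor build below 19.07 carries a backport. Please add a reference next to "All SPDK versions < 19.07 are affected", and say whether any older release branch will receive the fix. The notice also sits inside the ordinary "### vhost" feature notes, directly above the rte_vhost default change, where it is easy to miss; a dedicated security heading at the top of the release section would make it harder to skip.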
@@ -256,6 +261,13 @@ version is >= 19.05.

spdk_vhost_init() is now asynchronous and accepts a completion callback.

### iscsi target

A security vulnerability has been identified and fixed in SPDK iSCSI target.
A malicious client (e.g. an iSCSI initiator) could send a carefully prepared,
invalid I/O request to crash the entire SPDK process. All users of SPDK iSCSI
target are strongly recommended to update. All SPDK versions < 19.07 are affected.

### thread

Exposed spdk_set_thread() in order for applications to associate
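Review bot: The iSCSI paragraph reuses the vhost wording and leaves out what an operator needs for triage: whether the "invalid I/O request" can be sent by any initiator that reaches the portal or only after a successful login. Since the stated impact is a crash of the entire SPDK process, that is, of every target it serves, please state the precondition, and add the CVE id or fixing commit alongside "All SPDK versions < 19.07 are affected" so the two issues can be tracked separately.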